Encrypt sensitive data before insertion, encrypt database as a whole or both?

by johnRivs   Last Updated July 12, 2019 18:06 PM

I have a users table where their name is associated with their signature in the form of an image.

  1. Should I keep these images in the database?
  2. If in the database and seeing how passwords are hashed before insertion, should I encrypt the signature image before inserting it?
  3. Otherwise, can I get away with inserting the image as it is and encrypt the database as a whole?
  4. Maybe encrypt the image before insertion and also encrypt the database?
  5. Or keep the image as a file in disk and encrypt it?
  6. What are pros and cons for different methods?
  7. What happens if the key used to encrypt things is compromised and I have to change it? Would I have to decrypt everything using the compromised key and encrypt everything using the new one?

Related Questions

SQL Server Certificate

Updated July 17, 2017 20:06 PM

SQL Server Backup Encryption on AAG

Updated November 06, 2017 22:06 PM